
# Log File Analysis


This package contains the basis for monitoring information extracted from a log file.


This package is a template that defines a class used to receive information extracted from a log file using the ServicePilot Agent.

This template cannot be used directly. Instead, the class defined in this package needs to be customized to contain log field definitions appropriate to the fields the ServicePilot Agent will send.

The ServicePilot Agent also needs to be configured to extract information from a log file, parse this information and then present it to ServicePilot in the form expected by the log class.

An object based on the log class is instantiated automatically based on view parameters specified in the ServicePilot Agent configuration.


  • Network Flows - Network connectivity is mandatory. If the network infrastructure uses a firewall, all of the ports below must be open:

    • ServicePilot Manager Web server access (by default TCP/80 when using HTTP or TCP/443 when using HTTPS although this port is configurable): Between ServicePilot Agent and ServicePilot Manager
  • ServicePilot Requirements

    • ServicePilot Manager minimum version: 8.5
    • ServicePilot Agent minimum version: 8.5 installed and configured


Before adding a resource to monitor, make certain that all pre-requisites are in place and if a ServicePilot Agent is required, that it is communicating correctly with the ServicePilot Manager.

Add resource using Views Configuration web interface

  1. As an administrative user of ServicePilot, open the ServicePilot web interface.
  2. Navigate to Administration. The Configuration > Views web page will open.
  3. Click on the view in which to place the new resource in the Views hierarchy on the left of the interface. The View editor section will show the existing view contents.
  4. From the Packages list on the right of the interface, click and drag the log-file-analysis package into the View editor and let go.
  5. The Package properties dialog box will open to allow resource configuration.
  6. Click OK to close the Package properties dialog box. Note that the dialog box will not close if required parameters are not set.
  7. Click Save to apply the new resource to ServicePilot configuration.

Key field notes

  1. In the Monitoring Policies tab, specify the policy or policies to apply to the package.

  2. Log File Parameters tab:

    1. Log File Path: The full path to the log file to monitor.
    2. Treatment: Specify whether the log file is always written sequentially or whether new data can be added back at the beginning of the file when it is full.
  3. Parsing Parameters tab:

    1. Only extract lines containing: Only capture log lines that contain this key string. If blank, all lines are collected.
    2. Polling Interval (sec): Specify the time interval (in seconds) at which ServicePilot will poll the log file for new lines (default 60).
  4. Indicators tab:

    1. Indicator Extraction Type: Either a regular expression can be used to extract indicators or a list of indicator extraction definitions can be used.
    2. Data #: A comma-separated list of elements used to search for an indicator in the resulting web page. The first element is a quoted search string. The second parameter is the number of delimiters, from 0 upwards, to skip after the search string. The third parameter is the length of the element to extract (set to 0 to take characters between two delimiters). The next parameter is yes if numeric conversion is requested or no otherwise. The last parameter is a | separated list of hexadecimal ASCII character codes defining the delimiters.
    3. Regex: A regular expression pattern match. The brackets in the pattern match will be used to fill in the indicator number specified by the ? placeholders. Indicators go from 1 up to 5.
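
To check a Data # definition offline before entering it in the Indicators tab, the added example below (not ServicePilot code) applies one reading of the five elements described above to a constructed log line. The function names, the sample line and the choice to return None when the search string is missing or numeric conversion fails are assumptions.

```python
import csv

# Constructed sample line; not taken from a real system.
SAMPLE = "2024-05-01 10:00:00 sshd auth_failures=17 src=203.0.113.5 latency_ms=42;"

def parse_definition(definition):
    """Split a Data # style definition into its five elements (assumed syntax)."""
    fields = next(csv.reader([definition], skipinitialspace=True))
    if len(fields) != 5:
        raise ValueError("expected 5 comma-separated elements")
    search, skip, length, numeric, delims = fields
    if numeric.lower() not in ("yes", "no"):
        raise ValueError("numeric conversion must be yes or no")
    # Delimiters are given as |-separated hexadecimal ASCII codes, e.g. 20|3B.
    delim_chars = {chr(int(code, 16)) for code in delims.split("|")}
    return search, int(skip), int(length), numeric.lower() == "yes", delim_chars

def extract(line, definition):
    """Return the indicator value from one log line, or None if not extractable."""
    search, skip, length, numeric, delims = parse_definition(definition)
    start = line.find(search)
    if start < 0:
        return None
    pos = start + len(search)
    # Skip the requested number of delimiters after the search string.
    for _ in range(skip):
        while pos < len(line) and line[pos] not in delims:
            pos += 1
        if pos >= len(line):
            return None
        pos += 1
    if length > 0:
        # Fixed-length extraction.
        value = line[pos:pos + length]
    else:
        # Length 0: take the characters up to the next delimiter.
        end = pos
        while end < len(line) and line[end] not in delims:
            end += 1
        value = line[pos:end]
    if not numeric:
        return value
    try:
        return float(value)
    except ValueError:
        return None
```

With only the space (20) as delimiter, the trailing `;` stays attached to `42` and numeric conversion fails; adding 3B to the delimiter list fixes it, which is the kind of mistake worth catching before the definition goes into the Agent configuration.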


  • The ServicePilot Agent must be installed on a server with access to the log files. It is highly recommended that this be the server that generates the logs rather than one that accesses the file remotely.